Ensure Barbican required roles are created by Keystone
Presently there are several roles: audit, observer, and key-manger: service-admin that are used in Barbican policy but not generated by Keystone during a TripleO Deployment. This change updates Keystone's manifest to include creation of these missing roles then the Barbican API is included as part of a depl- oyment. Change-Id: I6d5d0a37abeb54600bb70e22fabde9479320ab81 (cherry picked from commit970462b562) (cherry picked from commit555498ba8c)
This commit is contained in:
Harry Rybacki
parent
8b12ef9d86
commit
d391ddf6a8
|
|
@ -303,9 +303,18 @@ class tripleo::profile::base::keystone (
|
||||||
}
|
}
|
||||||
|
|
||||||
if hiera('barbican_api_enabled', false) {
|
if hiera('barbican_api_enabled', false) {
|
||||||
|
keystone_role { 'key-manager:service-admin':
|
||||||
|
ensure => present
|
||||||
|
}
|
||||||
keystone_role { 'creator':
|
keystone_role { 'creator':
|
||||||
ensure => present
|
ensure => present
|
||||||
}
|
}
|
||||||
|
keystone_role { 'observer':
|
||||||
|
ensure => present
|
||||||
|
}
|
||||||
|
keystone_role { 'audit':
|
||||||
|
ensure => present
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue